阿里官网给出的修复步骤:
【已确认被成功利用的软件及系统】
所有安装GNU bash 版本小于或者等于4.3的Linux操作系统。
【漏洞描述】
该漏洞源于你调用的bash shell之前创建的特殊的环境变量,这些变量可以包含代码,同时会被bash执行。
【漏洞检测方法】
漏洞检测命令:env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
修复前
输出:
当前系统时间
使用修补方案修复后
输出
date
(备注:输出结果中包含date字符串就修复成功了。)
特别提示:该修复不会有任何影响,如果您的脚本使用以上方式定义环境变量,修复后您的脚本执行会报错。
【建议修补方案 】
请您根据Linux版本选择您需要修复的命令, 为了防止意外情况发生,建议您执行命令前先对Linux服务器系统盘打个快照,如果万一出现升级影响您服务器使用情况,可以通过回滚系统盘快照解决。
centos:(最终解决方案)
yum clean all
yum makecache
yum -y update bash
-------------------------------------------------------------------------------------------------------------------修复:
[root@AY140518225150152f97Z ~]# env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='bash: X: line 1: `'
bash: error importing function definition for `X'
Sat Sep 27 09:25:24 CST 2014
[root@AY140518225150152f97Z ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@AY140518225150152f97Z ~]# yum makecache
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirrors.163.com
* extras: mirrors.163.com
* updates: mirrors.163.com
base | 3.7 kB 00:00
base/group_gz | 220 kB 00:00
base/filelists_db | 5.9 MB 00:00
base/primary_db | 4.4 MB 00:00
base/other_db | 2.8 MB 00:00
extras | 3.3 kB 00:00
extras/filelists_db | 11 kB 00:00
extras/prestodelta | 904 B 00:00
extras/primary_db | 19 kB 00:00
extras/other_db | 22 kB 00:00
updates | 3.4 kB 00:00
updates/filelists_db | 3.0 MB 00:00
updates/prestodelta | 507 kB 00:00
updates/primary_db | 5.3 MB 00:00
updates/other_db | 46 MB 00:08
Metadata Cache Created
[root@AY140518225150152f97Z ~]# yum -y update bash
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.163.com
* updates: mirrors.163.com
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-15.el6_4 will be updated
---> Package bash.x86_64 0:4.1.2-15.el6_5.2 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================================================================================
Package Arch Version Repository Size
==========================================================================================================================================================
Updating:
bash x86_64 4.1.2-15.el6_5.2 updates 905 k
Transaction Summary
==========================================================================================================================================================
Upgrade 1 Package(s)
Total download size: 905 k
Downloading Packages:
bash-4.1.2-15.el6_5.2.x86_64.rpm | 905 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : bash-4.1.2-15.el6_5.2.x86_64 1/2
Cleanup : bash-4.1.2-15.el6_4.x86_64 2/2
Verifying : bash-4.1.2-15.el6_5.2.x86_64 1/2
Verifying : bash-4.1.2-15.el6_4.x86_64 2/2
Updated:
bash.x86_64 0:4.1.2-15.el6_5.2
Complete!
[root@AY140518225150152f97Z ~]# env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
date
Sat Sep 27 09:25:24 CST 2014
[root@AY140518225150152f97Z ~]#
930
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
